Atty Dkt. No. 
US, Serial Na 
Filed: 
Applicant: 



NVDA P000605 US 
Unkown 
Herewith 
Maufer et al. 



Title: DATA STRUCTURES AND STATE TRACKING 
FOR NETWORK PROTOCOL PROCESSING 
Express Mail No.: EV 324942700 US 
Page 1 of 25 



PACKET 
INTERROGATION 
FLOW 

120. 



1 



NPU MODE A FLOW 

.'■ 140 



I 



NPU MODE B FLOW 
16Q 



I 



COMPOSE PACKET 
FLOW - 
IfiQ 



ADDRESS TRANSLATION 
FLOW 
100 



FIG. 1 



' Atty Dkt. No. NVDA P000605 US 

U.S. Serial No. Unkown 
Filed: Herewith 
Applicant: Maufer et al. 

Title: DATA STRUCTURES AND STATE TRACKING 
FOR NETWORK PROTOCOL PROCESSING 
Express Mail No.: EV 324942700 US 
Page 2 of 25 




FIG. 2A-1 



' Attybkt.No. NVDA POO06O5 US 

U.S. Serial No. Unkown 
1 Filed: Herewith 

TUle^DATA STRUCTURES AND STATE TRACKING 
FOR NETWORK PROTOCOL PROCESSING 
Express Mail No. : EV 324942700 US 
Page 3 of 25 



WIRELESS 
• FLOW 
113 



NON-DATA 
WIRELESS FRAME? 
108 




YES 



DID THE FRAME ^s. / E 

COME FROM THE HOST? ^>~+\ ra 
115 m 




FIG. 2A-2 



Atty Dkt. No. 
U.S. Serial No. 
Filed: 
Applicant: 



NVDA P000605 US 
Unkown 
Herewith 
Maufer et al. 



Title: DATA STRUCTURES AND STATE TRACKING 
FOR NETWORK PROTOCOL PROCESSING 
Express Mail No.: EV 324942700 US 
Page 4 of 25 




NPU MODE A 
FLOW 
14£> 



. -i 



PORTION OF 
COMPOSE PACKET 

FLOW . 

180 



COMPOSE PACKET 

,'l££ 



1 



TRANSMIT PACKET 
151" 



4 . 




FIG. 2B-1 



Atty Dkt. No. NVDA P000605 US 

U.S. Serial No. Unkown 

Filed: Herewith 

Applicant: Maufer et al. 

Title: DATA STRUCTURES AND STATE TRACKING 

FOR NETWORK PROTOCOL PROCESSING 

Express Mail No.: EV 324942700 US 

Page 5 of 25 



NPU MODE A 
FLOW 
14GA 




PORTION OF 
COMPOSE PACKET 
FLOW 



FIG. 2B-2 



Atty Dkt. No. 
U.S. Serial No. 
Filed: 
Applicant: 



NVDA P000605.US 
Unkown 
Herewith 
Maufer et al. 



Title: DATA STRUCTURES AND STATE TRACKING 
FOR NETWORK PROTOCOL PROCESSING 
Express Mail No.: EV 324942700 US 
Page 6 of 25 



NPU MODE B 
FLOW 
1SQ 




NAT FILTERING 

"\ 137 . 



BRIDGING AND 
ROUTING 
138 




Atty Dkt. No. NVDA P000605 US 

U.S. Serial No. Unkown 

Filed: Herewith 

Applicant: Maufer et al. 

Title: DATA STRUCTURES AND STATE TRACKING 

FOR NETWORK PROTOCOL PROCESSING 

Express Mail No.: EV 324942700 US 

Page 7 of 25 




TRANSMIT PACKET 
15Z 




FIG, 2D-1 



Atty Dkt. No. NVDA P000605 US 

U.S. Serial No. Unkown 

Filed: Herewith 

Applicant: Maufer et al. 

Title: DATA STRUCTURES AND STATE TRACKING 

FOR NETWORK PROTOCOL PROCESSING 

Express Mail No.: EV 324942700 US 

Page 8 of 25 




COMPOSE PACKET 
. FLOW 
1SQA 



PREFIXES THE SAME? 
202 



YES_ 



OUTBOUND FILTERING 

155 " 



COMPOSE PACKET 
156 



I 



TRANSMIT PACKET 
15Z 




FIG. 2D-2 



Arty Dkt. No. 
U.S. Serial No. 
Filed: 
Applicant: 



NVDA P000605 US 
Unkown 
Herewith 
Maufer et al. 



Title: DATA STRUCTURES AND STATE TRACKING 
FOR NETWORK PROTOCOL PROCESSING 
Express Mail No.: EV 324942700 US 
Page 9 of 25 



BRIDGING AND ROUTING 
; . FLOW 




FIG. 3A 



Atty Dkt. No. 
U.S. Serial No. 
Filed: 
Applicant: 



NVDA P000605 US 
Unkown 
Herewith 
Maufer et al. 



Title: DATA STRUCTURES AND STATE TRACKING 
FOR NETWORK PROTOCOL PROCESSING 
Express Mail No.: EV 324942700 US 
Page 10 of 25 



BRIDGING AND ROUTING 
FLOW 

^ im. 






^r. IP 

^DESTINATION ADDRESS If^V^ 
TABLE AND STORE ART 




* 


YES 



FIG. 3B 



Atty Dkt. No. 
U.S. Serial No. 
Filed: 
Applicant: 



NVDA P000605 US 
Unkown 
Herewith 
Maufer et al. 



Title: DATA STRUCTURES AND STATE TRACKING 
FOR NETWORK PROTOCOL PROCESSING 
Express Mail No.: EV 324942700 US 
Page 11 of 25 . 



BRIDGING AND 
ROUTING 
301 




BRIDGING AND ROUTING 

i*r flow 

j 138^ 



LAYER-2 
AND -3 VALIDITY 
CHECKS AND MARK xCFH 
254 



FORWARD TO 
HOST'S IP 
STACK 




YES 



< 



RETURN 

399 



> 





LOOKUP IP 




^•""DESTINATION ADDRESS IN\. 




Sv TABLE AND STORE ART 






.. .. - 


YES " 



FIG.3C 



Atty Dkt. No. 
U.S. Serial No. 
Filed: 
Applicant: 



NVDA P000605 US 
Unkown 
Herewith 
Maufer et al. 



Title: DATA STRUCTURES AND STATE TRACKING 
FOR NETWORK PROTOCOL PROCESSING 
Express Mail No.: EV 324942700 US 
Page 12 of 25 



INBOUND NAT 
(INAT) FILTERING 
401 



NAT FILTERING 
FLOW 

13Z 




GRE PACKET? 
4JZ 



NO 



^^ATCH IN TABLE?****^^^ 




<^STORE CT INDEX IN CFH J> 


419 J 




HQ. ^ ' 




YES 





IPSEC PACKET? 
420 



NO- 



TES 



^^"^ATCH IN TABLE?*^^^ 
C^STORE CT INDEX IN CFH 

421 


*\ 422 y 




YES 






OBTAIN AND 
STORE NT 
INDEX IN CFH 
416 



OBTAIN AND 
STORE ART 
INDEX IN CFH 
42Z 



f RETURN A 
I 428 J 



FIG. 4A 



Atty Dkt. No. NVDA P000605 US 
U.S. Serial No. Unkown 
Filed: Herewith 

Applicant: Mauferetal. „ 

Title: DATA STRUCTURES AND STATE TRACKING 
FOR NETWORK PROTOCOL PROCESSING 
Express Mail No.: EV 324942700 US 
Page 13 of 25 




FIG. 4B 



OUTBOUND FILTERING 
" . -\ FLOW 
155 




(S) 

p 

© 

o 
o 
o 

P J 

> C t: 

z P as 



9i 



O 



o 



C 



Q 



Q 

UJ 
H 
< 
H 

Q 

< 

D 

U 
P 
Pi 

oo 

< 

< 



o 
o 

r- 

o 



O 

2 

CO 
oo 

UJ CO 

y p 
o 

O 

y 

o ^ 

cu 

% o 

— «V1 

o 



< h u- pj a, 



D 

a 

x 




GRE PACKET? 
51Z ' 



YES 





MO 










^^^atch\^ 

IN TABLE? 
\ST0RE INDEX,- IF THERE^ 
^^" 518 






YES 






FIG. 5A 



Atty Dkt. No. 
U.S. Serial No. 
Filed: 
Applicant: 



NVDA P000605 US 
Unkown 
Herewith 
Maufer et al. 



Title: DATA STRUCTURES AND STATE TRACKING 
FOR NETWORK PROTOCOL PROCESSING 
Express Mai| No.: EV 324942700 US 
Page 15 of 25 




OUTBOUND FILTERING 
FLOW 

155A 



OBTAIN CT 
AND NT 
INDICES FROM 
CFH 

566 



LAYER-2/LAYER-3 
VALIDITY CHECK(S) 
OKAY? 

YES 



IP OPTIONS OKAY? 
508 



NO_ 



E 

507 



NO 



E 

509 



IP 

FRAGMENT? 

. 504 * 



YES 



E 

5J£ 



TCP PACKET? 
510 



YES 



FOR NEW 
CONNECTION? 
511 



NJ} 




Y_£S_ 



UDP PACKET? 
513 







IN TABLE? 




S»^STORE INDEX, IF THERE^-^ 


YES 


^-«^514 — 




NO 






YES 



IPSEC PACKET? 
520 



YES 




TRANSLATE 
PACKET FROM 
PRIVATE TO' 
PUBLIC 
ADDRESS 
S§7_ 



^>*^ATCH > *\^ 




IN TABLE? 




t= ^TORE INDEX, IF THERE^ 








Y£S_ 







LOOKUP FIVE- 
TUPLE 
586 



NO 



RETURN 
528 





TRANSLATE 
PACKET FROM 
PRIVATE TO 
PUBLIC 
ADDRESS 
587 


i : 





FIG. 5B 



Atty Dkt. No. 
U S. Serial No. 
Filed: 
Applicant: 



NVDA P000605 US 
Unkown 
Herewith 
Maufer et al. 



Title: DATA STRUCTURES AND STATE TRACKING 
FOR NETWORK PROTOCOL PROCESSING 
Express Mail No.: EV 324942700 US 
Page 16 of 25 



CT 
600 



ART 
INDEX 
601 


REMOTE JP 
ADDR 
§02 


SPl/CALL ID 
603 


LOCAL IP 
ADDR 

m 


REMOTE PORT 

/605 ■ 


"NT INDEX 
606 


LOCAL PORT 
607 


IP PROTOCOL 
608 


TCP STATE 
609 

• 


SEQ. NO. 
610 

— — — — . 



FIG. 6 



NT 

ZQ0_ 



ART INDEX 
601 


REMOTE IP 
ADDR 

602 


SPl/CALL ID 
603 


PUBLIC IP 
ADDR 
704 


REMOTE PORT 
605 


CT INDEX 

706 


PUBLIC PORT 


IP PROTOCOL 
608 



FIG. 7 



ART 
800 



ART INDEX 


. MAC ADDR 


VIRTUAL LAN 10 


INTERFACE MASK 


601 


801 


SQ2 





FIG. 8 



RT 

900 



IP DESTINATION 
ADDR 
901 



, IP SOURCE 
ADDR 

902" 



ART INDEX 

§01 



FIG.9A 



Atty Dkt. No. NVDA P000605 US 

U.S. Serial No. Unkown 

Filed: Herewith 

Applicant: Maufer et al. 

Title: DATA STRUCTURES AND STATE TRACKING 

FOR NETWORK PROTOCOL PROCESSING 

Express Mail No.: EV 324942700 US 

Page 17 of 25 



YES 




STATE TABLE 
CREATION FLOW 
910 



CREATE CT IF FIREWALL 
ACTIVATED 
9Q5 



— r 

< RETURN 
906 




FIG. 9B 



Atty Dkt. No. 
U.S. Serial No. 
Filed: 
Applicant: 



NVDA P0OO6O5 US 
Unkown 
Herewith 
Maufer et al. 



Title: DATA STRUCTURES AND STATE TRACKING 
FOR NETWORK PROTOCOL PROCESSING 
Express Mail No.: EV 324942700 US 
Page 18 of 25 



(CLOSED A 



PASSIVE 
OPEN 







LISTEN 

3oa 



RCVD SYN 



AGE OUT 
OR CLOSE 



SYN-RCVD 
305 




STATE TRACKING 
FLOW 
FLOW 

531- 



' SENT SYN 



SW STATES 



SENT SYN 



SENT SYN 



SYN-SENT 
904 



"RCVD SYN 



SENT SYN-ACK 





SYN-RCVD- 
SYN-SENT. 
205 








^ SENT SYN-ACK 



RCVD SYN-ACK 



SYN-RCVD- 
SYN-SENT1 

. 907 



SYN-RCVD- 
SYN-SENT2 
908 



RCVD SYN-ACK 



SYN-RCVD- 
SYN-ACK- 
SENT 
912 



SENT FIN 



RCVD ACK 
OF SYN 



^SENT SYN-ACK 



RCVD SYN-ACK 



ESTABLISHED 
909 



SENT FIN 



RCVD FIN 
AND ACK OF 
FIN IN THE 
SAME ^ 
PACKET 



FIN-WAIT1 
914 



V_SENT ACK 
OF SYN 



SYN-SENT- 
SYN-ACK- 
RCVD 
913 



RCVD FIN 



SENT FIN 



a: 



RCVD FIN 



RCVD 
ACK OF 
FIN 



\RCVD 
FIN • ■ 



SENT FIN 



Li 



V_RCVD FIN 



CLOSE-WAIT- 
FIN 
915 



V 



SENT 
ACK OF 
FIN 



FIN-WAIT2 
916 



RCVD 
FIN 



FIN-WAIT2-FIN 

221 . 



CLOSING-FIN 
917 



RCVD 
ACK OF 
FIN 



CLOSE-WAIT 



SENT 
ACK OF 
FIN 



X.SENT 
~ FIN 



CLOSING 
922 



LAST-ACK 
923 



RCVD 
ACK OF 
FIN 



.SENT ACK 
OF FIN 



TIME-WAIT 
924 



X 



TIMEOUT 



< CLOSED 



SENT FIN 
AND ACK OF 
FIN IN THE 
SAME 
PACKET 

RCVD 
ACK OF 
FIN 



HW STATES 
S2S 



FIG. 10 



NVDA P000605 US 
Unkown 
Herewith 
Maufer et al. 

Title: DATA STRUCTURES AND STATE TRACKING 
FOR NETWORK PROTOCOL PROCESSING 
Express Mail No- : EV 324942700 US 
Page 19 of 25 



Atty Dkt. No. 
U.S. Serial No. 
Filed: 
Applicant: 



OBTAIN PACKET 
INFORMATION 
■ 811' 



GENERATE INDICES 
£12 



STORE PACKET 
INFORMATION AND 
INDICES . 



DATA POPULATION FLOW 

850 



FIG. 11 



Arty Dkt. No. NVDA P000605 US 

U.S. Serial No. Unkown 

Filed: Herewith 

Applicant: Maufer et al. 

Title: DATA STRUCTURES AND STATE TRACKING 

FOR NETWORK PROTOCOL PROCESSING 

Express Mail No.: EV 324942700 US 

Page 20 of 25 



Input from MAC Layer 
1097 



Output to MAG Layer 
or Host Bus 
1098 



NPU 

1070 



MAC Interface (Ml) 
1010 



Frame Input 
• 1011 



Mem 
1013 



1230 



Count 
1044 



Counter 



Tot. 



Frame Output 

mi 



Decapsulation 
1021 



Validation 
1022 



Security 
1023A 



Encapsulation 
1028 



Security 
1023B 



Fragment 
1027 



I 



I 



Seq. 
Proc. 
1020" 



Front End 
. (FE) 



Network Address Translation 
(NAT) Input 
M 



I 



NAT Output, Firewalling, Flow 
Classifying 

ism ^ 



Bridging and Routing, Multicast Expansioning 

1032 



Address Translator 
1030 



I 



Host MAC 
1M> 



Memory 
1052 


600 


700 


800 


900 


701 


702 



Memory Arbiter 
1051 



Privelege and 
Command 
Engine 
1252 



Input/Output 
From/To 
Host Bus 
1099 



FIG. 12A 



Atty Dkt. No. 
U.S. Serial No. 
Filed: 
Applicant: 



NVDA P00O6O5 US 
Unkown 
Herewith 
Maufer et al. 



Title: DATA STRUCTURES AND STATE TRACKING 
FOR NETWORK PROTOCOL PROCESSING 
Express Mail No.: EV 324942700 US 
Page 21 of 25 



1081 




1082 




PACKET PROCESSING FLOW 
1080 



RECEIVE PACKETS 

TO NPU AND 
BUFFER PACKETS/ 
INCREMENT 
COUNTER 
1061 



CHECK CT FOR AN 
ENTRY FOR EACH 
PACKET 
1062 



SEND PACKET TO 
NPUsoft 

1064 



BUILD CT ENTRY 

1065 




BUFFER. PACKET 
1074 







*1 




PROCESS PACKET 
IN SEQENCE 
1066 ' 


OBTAIN NEXT 
PACKET FROM 
BUFFER 
1069 




i 




SEND PROCESSED 
PACKET TO NPU 

1067 I 


" i 






SET READY FLAG 
ASSOCIATED WITH 
CT ENTRY 
1071 



SEND NEXT 
PACKET TO NPU 
1 077 



SEND 
PACKET 

TO 
NPUsoft 
• 1079 



YES 



PROCESS PACKET 

1075. 



DECREMENT 
COUNTER/ 
FORWARD PACKET 
1072 



PROCESSED 
PACKETS 
1076 



FIG. 12B 



Atty Dkt. No. NVDA P000605 US 

U.S. Serial No. Unkown 

Filed: Herewith 

Applicant: Maufer et al. 

Title: DATA STRUCTURES AND STATE TRACKING 

FOR NETWORK PROTOCOL PROCESSING 

Express Mail No.: EV 324942700 US 

Page 22 of 25 



Computer 
1000 



CPU 
1001 



Input/Output Interface 
1002 





MCP 
1004 



A—K 



System Memory 
1003 



1007 



A 



NPU 
1070 



Support Circuits 
1006 



Input/Output 
from/to Network 
1005 



FIG- 13 



Atty Dkt. No. 
U.S. Serial No. 
Filed: 
Applicant: 



NVDA P000605 US 
Unkown 
Herewith 
Maufer et al. 



Title: DATA STRUCTURES AND STATE TRACKING 
FOR NETWORK PROTOCOL PROCESSING 
Express Mail No.: EV 324942700 US 
Page 23 of 25 



Remote Node 
1104 







1005 




Computer 
System 
1000 




Local Node 
1101 



Local Node 
1101 ' 



FIG. 14 



Atty Dkt. No. 
U.S. Serial No. 
Filed: 



NVDA PO0O605 US 

i 

Unkown 
Herewith 
Applicant- Maufer et al. 

Title DATA STRUCTURES AND STATE TRACKING 
FOR NETWORK PROTOCOL PROCESSING 
Express Mail No.: EV 324942700 US 
Page 24 of 25 




HASHING 
, TABLE 
1110A 




HASHING 
TABLE 
111QB 



CONNECTION 
■ 1111-1 



CONNECTION 
1111-2 



CONNECTION 
1111-3 



CONNECTION 
1111-1 



CONNECTION 
. 1111-3 



CONNECTION 
1111-2 . 



. i. 



FIG. 15A 



FIG. 15B 



Atty Dkt. No, NVDA POO0605 US 

U.S. Serial No. Unkown 
1 Filed: Herewith 
| Applicant: Maufer et al. 

Title: DATA STRUCTURES AND STATE TRACKING f 
\ FOR NETWORK PROTOCOL PROCESSING I 
\ Express Mail No.: EV 324942700 US [ 
l N Page 25 of 25 



IP FRAGMENT 
tFLOW 
12Q0 




DROP 
FRAGMENT 
'1206 



NO 



BUFFER . 
FRAGMENT 
1204 . 



I 



OBTAIN PACKET AND 
FRAGMENT IDENTIFIERS 

1207 



WAIT A SET 
TIME INTERVAL 
1214 



YES 



RESERVE 
BUFFER SPACE 
1202 ' 



^-^OBTAlN^w 

<JCHECKSUM. VALID7> 
1205 




START TIMER 
1203 


'i 


YES_ 





BUFFER 
STACK 
1230 




REASSEMBLY AS A 
SINGLE PACKET 
1210 




i 



PROVIDE TO PACKET 
INTERROGATION 
FLOW AS PACKET 
INPUT 



FRAGMENT 1 



FRAGMENT 3 



FRAGMENT N 



FIG. 17 




FIG. 16 



